Yes, I know some of these are expensive, but here’s my rationale. The annual (ISC)² Harold F. Tipton Award recognizes an individual’s lifelong contributions to the improvement of the information security profession. The award’s namesake is a security industry pioneer, (ISC)² co-founder, and Certified Information Systems Security Professional (CISSP) education director. So if he is responsible for CISSP education, it makes sense that the information you need to be successful in information security and to pass the CISSP exam will come from his books. So go buy Volume 1 and start reading. And yes, I know there are over 3,000 pages in Volume 1. So read 50 a day and you’ll be done in 2 months. Then you can move on to Volume 2.

In the coming weeks, I will be looking at each individual Domain within CISSP and will be sharing some additional reading material with you. Also, check out Skillset’s collection of free CISSP practice questions.

J Kenneth (Ken) Magee is president and owner of Data Security Consultation and Training, LLC, which specializes in data security auditing and information security training. He has over 30 years of IT experience in both private industry and the public sector with the last 18 devoted to IT security and Risk Management.
Ken holds degrees from Robert Morris University and Fairleigh Dickinson University. He holds 22 certifications including: CISSP-ISSMP, CAP, CISA, CISM, ISO 27001 PA, GIAC-GWAPT/GSEC/GSNA, CIA-CGAP, Security+, and CDP. He is a Senior Instructor with the InfoSec Institute. Ken is also involved with the U.S. Cyber Challenge program.

Mike,
Both the Shon Harris book and the Official Guide to the CISSP CBK are available from Amazon as Kindle e-books. I have not seen the Harold Tipton “Information Security Management Handbook, Sixth Edition” in e-book format.

Kenneth: Compared to the CISM, the CISSP seems on the technical end of the spectrum and the CISM on the process/operational management end of the spectrum (without including any Cisco Certs in this comparison). Based on your reviews, those 2 seem to complement each other well and together would provide a well-rounded ITSec knowledge base.

From both a professional improvement and career standpoint, which of those 2 would you feel you derive the most value from?

Kenneth Magee

Emric,

You are correct in your analysis that the CISSP provides a more technical aspect to the security information knowledge spectrum. I would not attempt to choose between the CISM and the CISSP as an either/or situation; rather, I would suggest that a serious professional would want to have both and more. You will note in the article “CISSP – Reading is Required” that in addition to the certifications a serious security professional is also an avid reader. The series on Information Security Management by Tipton is one that I have on my shelf. In the same regard, ISACA is publishing a lot of articles on “Metrics”, which you will find constitutes a significant number of questions on the CISM exam. In speaking of wanting to have both and more, I would suggest that in addition to the CISSP and CISM you strive to achieve additional, more specific certifications: CRISC from ISACA if your focus is or might be on Risk Management, and the ISSEP concentration from ISC2 if you are more technically focused. Information Security, and in particular Risk Management, is a rapidly expanding field. I look forward to seeing you in one of InfoSec’s boot camps in the near future.

Kenneth

Tee Dee

With all of the changes forthcoming for the exam, will these books still be a solid resource or will new editions be forthcoming? I could use the money I save for the cost of the exam!
